Primary

Context

Apache ShardingSphere ElasticJob-UI Remote Code Execution Vulnerability via H2 JDBC URL

Vulnerability

Patched

A remote code execution vulnerability exists in the Lite UI of Apache ShardingSphere ElasticJob-UI in versions through 3.0.1. The issue arises from the ability to craft a malicious JDBC URL for the H2 database, exploiting the application to execute arbitrary code. This attack requires the attacker to have valid account credentials.

Impact

Exploitation of this vulnerability allows for remote code execution on the server where Apache ShardingSphere ElasticJob-UI is running.

Remediation

Users can upgrade to Apache ShardingSphere ElasticJob-UI version 3.0.2 or later to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.8

impact

10.0

exploitability

5.2

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.8

impact

10.0

exploitability

5.2

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Apache ShardingSphere ElasticJob-UI Remote Code Execution Vulnerability via H2 JDBC URL

Vulnerability

Impact

Remediation

Affected Products

Apache ShardingSphere ElasticJob-UI

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating